Privacy Policy

Our Personal Health Information Notice of Privacy Practices (“NPP”)

PLEASE NOTE: For information about how Sutter Health and its affiliates
may use and disclose medical information about you, how you can get access to this
information, and other rights under the Health Insurance Portability and Accountability
Act of 1996 (“HIPAA”), please review our Notice
of Privacy Practices.

Introduction

Sutter Health and its affiliates (“hereafter, “Sutter”), is committed
to providing you with quality health care and fostering a relationship built on trust.
This trust is built, in part, on our commitment to respect the privacy and confidentiality
of your personal information. This privacy policy (“Policy”) describes
how we collect, use, and disclose information that you submit to us or that we collect
through any Sutter website or mobile application that links to this Policy (collectively,
“Sites”).

By accessing our Sites, including by registering for an account with us, when applicable,
you agree to the terms of this Policy, including the collection, use, and disclosure
of your information, as described in this Policy. Our Sites are intended for individuals
age 13 and older. By using our Sites you are affirming that you are 13 years old or
older. If you do not agree with this Policy, please do not use our Sites.

Links to Outside Web Sites

Sutter's Sites have numerous links to outside Internet pages, including social
media platforms and Web sites which might have information on health topics of interest
to you. Sutter, however, does not sponsor or endorse any of these sites, nor does
Sutter make any guarantee, warranty or representation regarding the accuracy of the
information contained on the Web sites. In addition, Sutter has no control over the
privacy or security practices of external Web sites. You should read and understand
the policies of all Web sites with respect to these practices. These links are provided
for your general information and education only, and should NOT be relied upon for
personal diagnosis or treatment. If you have questions, please contact your clinician.

Collection of Personal Information

Sutter collects information about you, and sometimes about your devices, when you
visit our Sites. The information we collect and how we collect that information may
vary depending on the specific website or application. The information we collect
about you through our Sites generally is information that you provide or information
that we automatically collect. For example, you may provide information, including
personal information, in an e-mail or message to us, on a submission form, or through
another feature of one of our Sites. You will need to provide us with certain information
in order for us to create an account for you, as applicable. We also collect information
about you, and sometimes about your computer or device, automatically through cookies
and other technology. This is described in more detail below. In some cases, we may
collect location information from you, including your precise location, if you have
enabled this functionality for Sites. Most mobile devices allow you to change or disable
this functionality by changing the device settings. We also may collect information
regarding how you interact with our Sites and on other websites, such as our social
media platforms. For example, if you “like” a photo on one of our social
media sites, we may collect information related to that interaction. In some cases,
we may receive information about you from third parties. Once we receive this information,
we will use, disclose, and safeguard it as described in this Policy. We may combine
information collected through different Sites or portions of Sites. In the event we
combine personal information collected through our Sites with your personal health
information, we will use and disclose such combined information as described in our
Notice of Privacy
Practices, which relates to our collection, use, and disclosure of medical information.
You may occasionally be asked to complete patient surveys. Sutter may analyze information
submitted via your account as part of descriptive (demographic) studies and reports.
In such cases, we will make reasonable efforts to remove patient-identifying information.

Web Site Visitor Tracking

Visitor Tracking Software

Sutter keeps track of visits to our Sites via an automatic monitoring program that
tells us, among other things, how many visits are made to the site; the time of day
and date of those visits; and which areas of the Sites individuals visited. The monitoring
program does not provide us with any personal information about a visitor. We cannot
discern your name or physical address or other personal information about you. This
information is used to evaluate the effectiveness of our Sites.

Web Logs

The visitor tracking software gathers information from standard Web logs and stores
it on servers at Sutter. These logs may contain information such as the Internet domain
from which you access our Sites; the date and time you visited our Site; the areas
of our site that you viewed; your computer's IP address that is automatically assigned
when you log onto the Internet; the type of browser and operating system you use;
and the address of the Web site you linked from, if any.

All Web logs are stored securely and may only be accessed by Sutter employees or
designees on a professional need-to-know basis for a specific purpose. Sutter uses
Web log information to help us design our Sites; identify popular features; resolve
user, hardware and software problems; and make the site more useful to patients and
other visitors.

Internet Cookies

Sutter may place Internet "cookies" on the computer hard drives of visitors to
our Sites. Cookies help us obtain information about your use of our Sites; they do
not contain information about you or your health history. Sutter uses two types of
cookies: "session" cookies and "persistent" cookies.

A session cookie is temporary and expires after you end a session and close a Web
browser. We may use session cookies to help customize visitors' experiences on our
Sites, maintain a signed-on status while exploring the Sites and track which Web pages
visitors view on our Sites.

On the other hand, persistent cookies remain on your hard drive. For instance,
we use a persistent cookie when we ask you to agree to the use of the Multum Drug
Guide so that when you return to the guide, you do not need to go through the agreement
page again. Persistent cookies will not contain any personal information about you.

You may not be able to use or view some features of our Sites if you decline or
deactivate Internet cookies. For instructions on how to remove cookies from your hard
drive, go to your browser's Web site for detailed instructions. In addition, further
information regarding cookies may be available from your Internet service provider
or operating system provider. Some of our Sites may use Google Analytics to better
understand usage of our Sites. You may opt out of Google Analytics by following the
instructions at: https://tools.google.com/dlpage/gaoptout.
Additionally, you may opt out of certain tracking by many third party advertisers,
by following the instructions found on the following Web sites: Network Advertising
Initiative, http://optout.networkadvertising.org
and Digital Advertising Alliance, http://optout.aboutads.info.

The collection, use, and disclosure of your information, as described in this Policy,
may continue regardless of whether or not you enable “Do Not Track” functionality
on your browser or device.

Use and Disclosure of Personal Information

We may use your information: to contact you (for example, sending you a newsletter
or other informational materials, offers, announcements, or surveys); to communicate
with you about our services, products, and Sites, including to follow up on requests
or questions that you may submit; to track and analyze use of our Sites, including
to prevent, detect, and investigate misuse, fraud, and illegal activities, and to
track and evaluate activity on our Sites; for purposes including enhancing and maintaining
our Sites, services, and products; to process and ship products you purchase or request,
as applicable; to administer sweepstakes, surveys, and contests, as applicable; and
to otherwise run our business.

We may share information that does not specifically identify you, such as aggregate
data, with third parties. Additionally, we may share your information, including your
personal information collected through our Sites, under the following circumstances:
with our third party service providers who perform certain services or functions on
our behalf (for example, we may share your information with a hosting service provider
who hosts one of our Sites that you have visited); in the event of a change in ownership
or control, such as a sale or merger (in the event of a sale or merger, we would request
the new entity adhere to this Policy, however, we may not have control over the new
entity's privacy practices); in accordance with your consent or direction, as permitted
by law; as required to comply with applicable laws and legal process, including a
law enforcement requests; to investigate and defend our and others’ rights and
property (including intellectual property rights); and to protect the personal safety
of us and others.

If you use our Sites from outside the United States, you consent to the transfer
of your information to the United States, and the use and disclosure of your information
as permitted under United States laws.

Accessing Your Information

Accessing Your Online Health Record through My Health Online

We request a limited set of identifying information from you in order to grant
you access to our Sites branded as My Health Online or My Chart, and to customize
your experience. Once logged in to My Health Online, you can access certain information
related to your medical care. Your medical information will be used and disclosed
in accordance with our Notice
of Privacy Practices for health information.

Accessing and Updating Other Personal Information

To request access to other personal information that we may have about you, or
to request changes to that information, you can contact us at SHPI@sutterhealth.org.
We will honor any legal right you may have to access such information, but fees, if
permitted by law, may apply. You will not be permitted to access another individual’s
personal information unless you have legal authority to do so. Requesting deletion
of your information may result in deletion of your account. In some cases, we may
be unable to update or delete your information, or may, in our discretion, deny a
request for access, amendment, or deletion of your personal information if we believe
doing so would violate our policies and procedures or legal requirements, or would
create inaccurate information.

Security Measures

Protecting your confidential health information is a top priority at Sutter. In
addition to applying confidentiality policies that govern access and use of information
by Sutter clinicians and staff, we have implemented physical, administrative, and
technical security features and methods designed to safeguard your data in our information
systems, including the use of, as appropriate, encryption, firewalls, monitoring,
access controls, and other controls where appropriate.

Protecting your username and password

It is extremely important that you keep any of your usernames and passwords for
Sutter Sites completely confidential. Anyone with access to your username and password
will be able to assume your online identity and view your information. For example,
anyone with access to your My Health Online username and password, will be able to
view your medical information, add comments to your record, and communicate with your
Sutter care team. It is your responsibility to prevent disclosure of your usernames
and passwords and to change your usernames and passwords if you feel that their security
has been compromised. You can change your password by logging into your account and
clicking the "Password Settings" link in the "Profile" section of the top menu, where
applicable. If you have any questions regarding the security of your password, please
call our patient services department at (866) 978-8837.

Revisions to this Privacy and Security Policy

As state and federal laws change, and as we add new features to our Sites, Sutter
may periodically revise this Policy. We will post changes to this policy on our Sites.
Your continued use of our Sites following the posting of changes will mean you accept
those changes.

Questions, Concerns and Contact Information

For questions about our privacy practices, please contact us at shpi@sutterhealth.org
or (855) 771-4220. For questions, concerns, and suggestions about the content on My
Health Online, Contact Us.
Note, email to us via this link is not encrypted or secure so please do not include
any personal health information or other sensitive information in your email.